Lylme Spage
by Lylme
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34982 | Cri | 0.64 | 9.8 | 0.05 | May 17, 2024 | An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2023-45952 | Cri | 0.64 | 9.8 | 0.01 | Oct 17, 2023 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||
| CVE-2023-45951 | Cri | 0.64 | 9.8 | 0.01 | Oct 17, 2023 | lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. | ||
| CVE-2024-36675 | Cri | 0.59 | 9.1 | 0.01 | Jun 4, 2024 | LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | ||
| CVE-2024-36674 | Med | 0.40 | 6.1 | 0.00 | Jun 3, 2024 | LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php. | ||
| CVE-2024-9790 | Med | 0.31 | 4.7 | 0.01 | Oct 10, 2024 | A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2024-9789 | Med | 0.31 | 4.7 | 0.01 | Oct 10, 2024 | A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to… | ||
| CVE-2024-9788 | Med | 0.31 | 4.7 | 0.01 | Oct 10, 2024 | A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to… |
- risk 0.64cvss 9.8epss 0.05
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.
- risk 0.64cvss 9.8epss 0.01
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
- risk 0.59cvss 9.1epss 0.01
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
- risk 0.40cvss 6.1epss 0.00
LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.
- risk 0.31cvss 4.7epss 0.01
A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been…
- risk 0.31cvss 4.7epss 0.01
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to…
- risk 0.31cvss 4.7epss 0.01
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to…